1 /*
2 * hostapd / Radio Measurement (RRM)
3 * Copyright(c) 2013 - 2016 Intel Mobile Communications GmbH.
4 * Copyright(c) 2011 - 2016 Intel Corporation. All rights reserved.
5 * Copyright (c) 2016-2017, Jouni Malinen <j@w1.fi>
6 *
7 * This software may be distributed under the terms of the BSD license.
8 * See README for more details.
9 */
10
11 #include "utils/includes.h"
12
13 #include "utils/common.h"
14 #include "common/wpa_ctrl.h"
15 #include "hostapd.h"
16 #include "ap_drv_ops.h"
17 #include "sta_info.h"
18 #include "eloop.h"
19 #include "neighbor_db.h"
20 #include "rrm.h"
21
22 #define HOSTAPD_RRM_REQUEST_TIMEOUT 5
23
24
hostapd_lci_rep_timeout_handler(void * eloop_data,void * user_ctx)25 static void hostapd_lci_rep_timeout_handler(void *eloop_data, void *user_ctx)
26 {
27 struct hostapd_data *hapd = eloop_data;
28
29 wpa_printf(MSG_DEBUG, "RRM: LCI request (token %u) timed out",
30 hapd->lci_req_token);
31 hapd->lci_req_active = 0;
32 }
33
34
hostapd_handle_lci_report(struct hostapd_data * hapd,u8 token,const u8 * pos,size_t len)35 static void hostapd_handle_lci_report(struct hostapd_data *hapd, u8 token,
36 const u8 *pos, size_t len)
37 {
38 if (!hapd->lci_req_active || hapd->lci_req_token != token) {
39 wpa_printf(MSG_DEBUG, "Unexpected LCI report, token %u", token);
40 return;
41 }
42
43 hapd->lci_req_active = 0;
44 eloop_cancel_timeout(hostapd_lci_rep_timeout_handler, hapd, NULL);
45 wpa_printf(MSG_DEBUG, "LCI report token %u len %zu", token, len);
46 }
47
48
hostapd_range_rep_timeout_handler(void * eloop_data,void * user_ctx)49 static void hostapd_range_rep_timeout_handler(void *eloop_data, void *user_ctx)
50 {
51 struct hostapd_data *hapd = eloop_data;
52
53 wpa_printf(MSG_DEBUG, "RRM: Range request (token %u) timed out",
54 hapd->range_req_token);
55 hapd->range_req_active = 0;
56 }
57
58
hostapd_handle_range_report(struct hostapd_data * hapd,u8 token,const u8 * pos,size_t len)59 static void hostapd_handle_range_report(struct hostapd_data *hapd, u8 token,
60 const u8 *pos, size_t len)
61 {
62 if (!hapd->range_req_active || hapd->range_req_token != token) {
63 wpa_printf(MSG_DEBUG, "Unexpected range report, token %u",
64 token);
65 return;
66 }
67
68 hapd->range_req_active = 0;
69 eloop_cancel_timeout(hostapd_range_rep_timeout_handler, hapd, NULL);
70 wpa_printf(MSG_DEBUG, "Range report token %u len %zu", token, len);
71 }
72
73
hostapd_handle_beacon_report(struct hostapd_data * hapd,const u8 * addr,u8 token,u8 rep_mode,const u8 * pos,size_t len)74 static void hostapd_handle_beacon_report(struct hostapd_data *hapd,
75 const u8 *addr, u8 token, u8 rep_mode,
76 const u8 *pos, size_t len)
77 {
78 char report[2 * 255 + 1];
79
80 wpa_printf(MSG_DEBUG, "Beacon report token %u len %zu from " MACSTR,
81 token, len, MAC2STR(addr));
82 /* Skip to the beginning of the Beacon report */
83 if (len < 3)
84 return;
85 pos += 3;
86 len -= 3;
87 report[0] = '\0';
88 if (wpa_snprintf_hex(report, sizeof(report), pos, len) < 0)
89 return;
90 wpa_msg(hapd->msg_ctx, MSG_INFO, BEACON_RESP_RX MACSTR " %u %02x %s",
91 MAC2STR(addr), token, rep_mode, report);
92 }
93
94
hostapd_handle_radio_msmt_report(struct hostapd_data * hapd,const u8 * buf,size_t len)95 static void hostapd_handle_radio_msmt_report(struct hostapd_data *hapd,
96 const u8 *buf, size_t len)
97 {
98 const struct ieee80211_mgmt *mgmt = (const struct ieee80211_mgmt *) buf;
99 const u8 *pos, *ie, *end;
100 u8 token, rep_mode;
101
102 end = buf + len;
103 token = mgmt->u.action.u.rrm.dialog_token;
104 pos = mgmt->u.action.u.rrm.variable;
105
106 while ((ie = get_ie(pos, end - pos, WLAN_EID_MEASURE_REPORT))) {
107 if (ie[1] < 3) {
108 wpa_printf(MSG_DEBUG, "Bad Measurement Report element");
109 break;
110 }
111
112 rep_mode = ie[3];
113 wpa_printf(MSG_DEBUG, "Measurement report mode 0x%x type %u",
114 rep_mode, ie[4]);
115
116 switch (ie[4]) {
117 case MEASURE_TYPE_LCI:
118 hostapd_handle_lci_report(hapd, token, ie + 2, ie[1]);
119 break;
120 case MEASURE_TYPE_FTM_RANGE:
121 hostapd_handle_range_report(hapd, token, ie + 2, ie[1]);
122 break;
123 case MEASURE_TYPE_BEACON:
124 hostapd_handle_beacon_report(hapd, mgmt->sa, token,
125 rep_mode, ie + 2, ie[1]);
126 break;
127 default:
128 wpa_printf(MSG_DEBUG,
129 "Measurement report type %u is not supported",
130 ie[4]);
131 break;
132 }
133
134 pos = ie + ie[1] + 2;
135 }
136 }
137
138
hostapd_parse_location_lci_req_age(const u8 * buf,size_t len)139 static u16 hostapd_parse_location_lci_req_age(const u8 *buf, size_t len)
140 {
141 const u8 *subelem;
142
143 /* Range Request element + Location Subject + Maximum Age subelement */
144 if (len < 3 + 1 + 4)
145 return 0;
146
147 /* Subelements are arranged as IEs */
148 subelem = get_ie(buf + 4, len - 4, LCI_REQ_SUBELEM_MAX_AGE);
149 if (subelem && subelem[1] == 2)
150 return WPA_GET_LE16(subelem + 2);
151
152 return 0;
153 }
154
155
hostapd_check_lci_age(struct hostapd_neighbor_entry * nr,u16 max_age)156 static int hostapd_check_lci_age(struct hostapd_neighbor_entry *nr, u16 max_age)
157 {
158 struct os_time curr, diff;
159 unsigned long diff_l;
160
161 if (nr->stationary || max_age == 0xffff)
162 return 1;
163
164 if (!max_age)
165 return 0;
166
167 if (os_get_time(&curr))
168 return 0;
169
170 os_time_sub(&curr, &nr->lci_date, &diff);
171
172 /* avoid overflow */
173 if (diff.sec > 0xffff)
174 return 0;
175
176 /* LCI age is calculated in 10th of a second units. */
177 diff_l = diff.sec * 10 + diff.usec / 100000;
178
179 return max_age > diff_l;
180 }
181
182
hostapd_neighbor_report_len(struct wpabuf * buf,struct hostapd_neighbor_entry * nr,int send_lci,int send_civic)183 static size_t hostapd_neighbor_report_len(struct wpabuf *buf,
184 struct hostapd_neighbor_entry *nr,
185 int send_lci, int send_civic)
186 {
187 size_t len = 2 + wpabuf_len(nr->nr);
188
189 if (send_lci && nr->lci)
190 len += 2 + wpabuf_len(nr->lci);
191
192 if (send_civic && nr->civic)
193 len += 2 + wpabuf_len(nr->civic);
194
195 return len;
196 }
197
198
hostapd_send_nei_report_resp(struct hostapd_data * hapd,const u8 * addr,u8 dialog_token,struct wpa_ssid_value * ssid,u8 lci,u8 civic,u16 lci_max_age)199 static void hostapd_send_nei_report_resp(struct hostapd_data *hapd,
200 const u8 *addr, u8 dialog_token,
201 struct wpa_ssid_value *ssid, u8 lci,
202 u8 civic, u16 lci_max_age)
203 {
204 struct hostapd_neighbor_entry *nr;
205 struct wpabuf *buf;
206 u8 *msmt_token;
207
208 /*
209 * The number and length of the Neighbor Report elements in a Neighbor
210 * Report frame is limited by the maximum allowed MMPDU size; + 3 bytes
211 * of RRM header.
212 */
213 buf = wpabuf_alloc(3 + IEEE80211_MAX_MMPDU_SIZE);
214 if (!buf)
215 return;
216
217 wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
218 wpabuf_put_u8(buf, WLAN_RRM_NEIGHBOR_REPORT_RESPONSE);
219 wpabuf_put_u8(buf, dialog_token);
220
221 dl_list_for_each(nr, &hapd->nr_db, struct hostapd_neighbor_entry,
222 list) {
223 int send_lci;
224 size_t len;
225
226 if (ssid->ssid_len != nr->ssid.ssid_len ||
227 os_memcmp(ssid->ssid, nr->ssid.ssid, ssid->ssid_len) != 0)
228 continue;
229
230 send_lci = (lci != 0) && hostapd_check_lci_age(nr, lci_max_age);
231 len = hostapd_neighbor_report_len(buf, nr, send_lci, civic);
232
233 if (len - 2 > 0xff) {
234 wpa_printf(MSG_DEBUG,
235 "NR entry for " MACSTR " exceeds 0xFF bytes",
236 MAC2STR(nr->bssid));
237 continue;
238 }
239
240 if (len > wpabuf_tailroom(buf))
241 break;
242
243 wpabuf_put_u8(buf, WLAN_EID_NEIGHBOR_REPORT);
244 wpabuf_put_u8(buf, len - 2);
245 wpabuf_put_buf(buf, nr->nr);
246
247 if (send_lci && nr->lci) {
248 wpabuf_put_u8(buf, WLAN_EID_MEASURE_REPORT);
249 wpabuf_put_u8(buf, wpabuf_len(nr->lci));
250 /*
251 * Override measurement token - the first byte of the
252 * Measurement Report element.
253 */
254 msmt_token = wpabuf_put(buf, 0);
255 wpabuf_put_buf(buf, nr->lci);
256 *msmt_token = lci;
257 }
258
259 if (civic && nr->civic) {
260 wpabuf_put_u8(buf, WLAN_EID_MEASURE_REPORT);
261 wpabuf_put_u8(buf, wpabuf_len(nr->civic));
262 /*
263 * Override measurement token - the first byte of the
264 * Measurement Report element.
265 */
266 msmt_token = wpabuf_put(buf, 0);
267 wpabuf_put_buf(buf, nr->civic);
268 *msmt_token = civic;
269 }
270 }
271
272 hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
273 wpabuf_head(buf), wpabuf_len(buf));
274 wpabuf_free(buf);
275 }
276
277
hostapd_handle_nei_report_req(struct hostapd_data * hapd,const u8 * buf,size_t len)278 static void hostapd_handle_nei_report_req(struct hostapd_data *hapd,
279 const u8 *buf, size_t len)
280 {
281 const struct ieee80211_mgmt *mgmt = (const struct ieee80211_mgmt *) buf;
282 const u8 *pos, *ie, *end;
283 struct wpa_ssid_value ssid = {
284 .ssid_len = 0
285 };
286 u8 token;
287 u8 lci = 0, civic = 0; /* Measurement tokens */
288 u16 lci_max_age = 0;
289
290 if (!(hapd->conf->radio_measurements[0] &
291 WLAN_RRM_CAPS_NEIGHBOR_REPORT))
292 return;
293
294 end = buf + len;
295
296 token = mgmt->u.action.u.rrm.dialog_token;
297 pos = mgmt->u.action.u.rrm.variable;
298 len = end - pos;
299
300 ie = get_ie(pos, len, WLAN_EID_SSID);
301 if (ie && ie[1] && ie[1] <= SSID_MAX_LEN) {
302 ssid.ssid_len = ie[1];
303 os_memcpy(ssid.ssid, ie + 2, ssid.ssid_len);
304 } else {
305 ssid.ssid_len = hapd->conf->ssid.ssid_len;
306 os_memcpy(ssid.ssid, hapd->conf->ssid.ssid, ssid.ssid_len);
307 }
308
309 while ((ie = get_ie(pos, len, WLAN_EID_MEASURE_REQUEST))) {
310 if (ie[1] < 3)
311 break;
312
313 wpa_printf(MSG_DEBUG,
314 "Neighbor report request, measure type %u",
315 ie[4]);
316
317 switch (ie[4]) { /* Measurement Type */
318 case MEASURE_TYPE_LCI:
319 lci = ie[2]; /* Measurement Token */
320 lci_max_age = hostapd_parse_location_lci_req_age(ie + 2,
321 ie[1]);
322 break;
323 case MEASURE_TYPE_LOCATION_CIVIC:
324 civic = ie[2]; /* Measurement token */
325 break;
326 }
327
328 pos = ie + ie[1] + 2;
329 len = end - pos;
330 }
331
332 hostapd_send_nei_report_resp(hapd, mgmt->sa, token, &ssid, lci, civic,
333 lci_max_age);
334 }
335
336
hostapd_link_mesr_rep_timeout_handler(void * eloop_data,void * user_ctx)337 static void hostapd_link_mesr_rep_timeout_handler(void *eloop_data,
338 void *user_ctx)
339 {
340 struct hostapd_data *hapd = eloop_data;
341
342 wpa_printf(MSG_DEBUG,
343 "RRM: Link measurement request (token %u) timed out",
344 hapd->link_measurement_req_token);
345 hapd->link_mesr_req_active = 0;
346 }
347
348
hostapd_handle_link_mesr_report(struct hostapd_data * hapd,const u8 * buf,size_t len)349 static void hostapd_handle_link_mesr_report(struct hostapd_data *hapd,
350 const u8 *buf, size_t len)
351 {
352 const struct ieee80211_mgmt *mgmt = (const struct ieee80211_mgmt *) buf;
353 const struct rrm_link_measurement_report *report;
354 const u8 *pos, *end;
355 char report_msg[2 * 8 + 1];
356
357 end = buf + len;
358 pos = mgmt->u.action.u.rrm.variable;
359 report = (const struct rrm_link_measurement_report *) (pos - 1);
360 if (end - (const u8 *) report < (int) sizeof(*report))
361 return;
362
363 if (!hapd->link_mesr_req_active ||
364 (hapd->link_measurement_req_token != report->dialog_token)) {
365 wpa_printf(MSG_INFO,
366 "Unexpected Link measurement report, token %u",
367 report->dialog_token);
368 return;
369 }
370
371 hapd->link_mesr_req_active = 0;
372 eloop_cancel_timeout(hostapd_link_mesr_rep_timeout_handler, hapd, NULL);
373
374 report_msg[0] = '\0';
375 if (wpa_snprintf_hex(report_msg, sizeof(report_msg),
376 pos, end - pos) < 0)
377 return;
378
379 wpa_msg(hapd->msg_ctx, MSG_INFO, LINK_MSR_RESP_RX MACSTR " %u %s",
380 MAC2STR(mgmt->sa), report->dialog_token, report_msg);
381 }
382
383
hostapd_handle_radio_measurement(struct hostapd_data * hapd,const u8 * buf,size_t len)384 void hostapd_handle_radio_measurement(struct hostapd_data *hapd,
385 const u8 *buf, size_t len)
386 {
387 const struct ieee80211_mgmt *mgmt = (const struct ieee80211_mgmt *) buf;
388
389 /*
390 * Check for enough bytes: header + (1B)Category + (1B)Action +
391 * (1B)Dialog Token.
392 */
393 if (len < IEEE80211_HDRLEN + 3)
394 return;
395
396 wpa_printf(MSG_DEBUG, "Radio measurement frame, action %u from " MACSTR,
397 mgmt->u.action.u.rrm.action, MAC2STR(mgmt->sa));
398
399 switch (mgmt->u.action.u.rrm.action) {
400 case WLAN_RRM_RADIO_MEASUREMENT_REPORT:
401 hostapd_handle_radio_msmt_report(hapd, buf, len);
402 break;
403 case WLAN_RRM_NEIGHBOR_REPORT_REQUEST:
404 hostapd_handle_nei_report_req(hapd, buf, len);
405 break;
406 case WLAN_RRM_LINK_MEASUREMENT_REPORT:
407 hostapd_handle_link_mesr_report(hapd, buf, len);
408 break;
409 default:
410 wpa_printf(MSG_DEBUG, "RRM action %u is not supported",
411 mgmt->u.action.u.rrm.action);
412 break;
413 }
414 }
415
416
hostapd_send_lci_req(struct hostapd_data * hapd,const u8 * addr)417 int hostapd_send_lci_req(struct hostapd_data *hapd, const u8 *addr)
418 {
419 struct wpabuf *buf;
420 struct sta_info *sta = ap_get_sta(hapd, addr);
421 int ret;
422
423 if (!sta || !(sta->flags & WLAN_STA_AUTHORIZED)) {
424 wpa_printf(MSG_INFO,
425 "Request LCI: Destination address is not connected");
426 return -1;
427 }
428
429 if (!(sta->rrm_enabled_capa[1] & WLAN_RRM_CAPS_LCI_MEASUREMENT)) {
430 wpa_printf(MSG_INFO,
431 "Request LCI: Station does not support LCI in RRM");
432 return -1;
433 }
434
435 if (hapd->lci_req_active) {
436 wpa_printf(MSG_DEBUG,
437 "Request LCI: LCI request is already in process, overriding");
438 hapd->lci_req_active = 0;
439 eloop_cancel_timeout(hostapd_lci_rep_timeout_handler, hapd,
440 NULL);
441 }
442
443 /* Measurement request (5) + Measurement element with LCI (10) */
444 buf = wpabuf_alloc(5 + 10);
445 if (!buf)
446 return -1;
447
448 hapd->lci_req_token++;
449 /* For wraparounds - the token must be nonzero */
450 if (!hapd->lci_req_token)
451 hapd->lci_req_token++;
452
453 wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
454 wpabuf_put_u8(buf, WLAN_RRM_RADIO_MEASUREMENT_REQUEST);
455 wpabuf_put_u8(buf, hapd->lci_req_token);
456 wpabuf_put_le16(buf, 0); /* Number of repetitions */
457
458 wpabuf_put_u8(buf, WLAN_EID_MEASURE_REQUEST);
459 wpabuf_put_u8(buf, 3 + 1 + 4);
460
461 wpabuf_put_u8(buf, 1); /* Measurement Token */
462 /*
463 * Parallel and Enable bits are 0, Duration, Request, and Report are
464 * reserved.
465 */
466 wpabuf_put_u8(buf, 0);
467 wpabuf_put_u8(buf, MEASURE_TYPE_LCI);
468
469 wpabuf_put_u8(buf, LOCATION_SUBJECT_REMOTE);
470
471 wpabuf_put_u8(buf, LCI_REQ_SUBELEM_MAX_AGE);
472 wpabuf_put_u8(buf, 2);
473 wpabuf_put_le16(buf, 0xffff);
474
475 ret = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
476 wpabuf_head(buf), wpabuf_len(buf));
477 wpabuf_free(buf);
478 if (ret)
479 return ret;
480
481 hapd->lci_req_active = 1;
482
483 eloop_register_timeout(HOSTAPD_RRM_REQUEST_TIMEOUT, 0,
484 hostapd_lci_rep_timeout_handler, hapd, NULL);
485
486 return 0;
487 }
488
489
hostapd_send_range_req(struct hostapd_data * hapd,const u8 * addr,u16 random_interval,u8 min_ap,const u8 * responders,unsigned int n_responders)490 int hostapd_send_range_req(struct hostapd_data *hapd, const u8 *addr,
491 u16 random_interval, u8 min_ap,
492 const u8 *responders, unsigned int n_responders)
493 {
494 struct wpabuf *buf;
495 struct sta_info *sta;
496 u8 *len;
497 unsigned int i;
498 int ret;
499
500 wpa_printf(MSG_DEBUG, "Request range: dest addr " MACSTR
501 " rand interval %u min AP %u n_responders %u", MAC2STR(addr),
502 random_interval, min_ap, n_responders);
503
504 if (min_ap == 0 || min_ap > n_responders) {
505 wpa_printf(MSG_INFO, "Request range: Wrong min AP count");
506 return -1;
507 }
508
509 sta = ap_get_sta(hapd, addr);
510 if (!sta || !(sta->flags & WLAN_STA_AUTHORIZED)) {
511 wpa_printf(MSG_INFO,
512 "Request range: Destination address is not connected");
513 return -1;
514 }
515
516 if (!(sta->rrm_enabled_capa[4] & WLAN_RRM_CAPS_FTM_RANGE_REPORT)) {
517 wpa_printf(MSG_ERROR,
518 "Request range: Destination station does not support FTM range report in RRM");
519 return -1;
520 }
521
522 if (hapd->range_req_active) {
523 wpa_printf(MSG_DEBUG,
524 "Request range: Range request is already in process; overriding");
525 hapd->range_req_active = 0;
526 eloop_cancel_timeout(hostapd_range_rep_timeout_handler, hapd,
527 NULL);
528 }
529
530 /* Action + measurement type + token + reps + EID + len = 7 */
531 buf = wpabuf_alloc(7 + 255);
532 if (!buf)
533 return -1;
534
535 hapd->range_req_token++;
536 if (!hapd->range_req_token) /* For wraparounds */
537 hapd->range_req_token++;
538
539 /* IEEE P802.11-REVmc/D5.0, 9.6.7.2 */
540 wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
541 wpabuf_put_u8(buf, WLAN_RRM_RADIO_MEASUREMENT_REQUEST);
542 wpabuf_put_u8(buf, hapd->range_req_token); /* Dialog Token */
543 wpabuf_put_le16(buf, 0); /* Number of Repetitions */
544
545 /* IEEE P802.11-REVmc/D5.0, 9.4.2.21 */
546 wpabuf_put_u8(buf, WLAN_EID_MEASURE_REQUEST);
547 len = wpabuf_put(buf, 1); /* Length will be set later */
548
549 wpabuf_put_u8(buf, 1); /* Measurement Token */
550 /*
551 * Parallel and Enable bits are 0; Duration, Request, and Report are
552 * reserved.
553 */
554 wpabuf_put_u8(buf, 0); /* Measurement Request Mode */
555 wpabuf_put_u8(buf, MEASURE_TYPE_FTM_RANGE); /* Measurement Type */
556
557 /* IEEE P802.11-REVmc/D5.0, 9.4.2.21.19 */
558 wpabuf_put_le16(buf, random_interval); /* Randomization Interval */
559 wpabuf_put_u8(buf, min_ap); /* Minimum AP Count */
560
561 /* FTM Range Subelements */
562
563 /*
564 * Taking the neighbor report part of the range request from neighbor
565 * database instead of requesting the separate bits of data from the
566 * user.
567 */
568 for (i = 0; i < n_responders; i++) {
569 struct hostapd_neighbor_entry *nr;
570
571 nr = hostapd_neighbor_get(hapd, responders + ETH_ALEN * i,
572 NULL);
573 if (!nr) {
574 wpa_printf(MSG_INFO, "Missing neighbor report for "
575 MACSTR, MAC2STR(responders + ETH_ALEN * i));
576 wpabuf_free(buf);
577 return -1;
578 }
579
580 if (wpabuf_tailroom(buf) < 2 + wpabuf_len(nr->nr)) {
581 wpa_printf(MSG_ERROR, "Too long range request");
582 wpabuf_free(buf);
583 return -1;
584 }
585
586 wpabuf_put_u8(buf, WLAN_EID_NEIGHBOR_REPORT);
587 wpabuf_put_u8(buf, wpabuf_len(nr->nr));
588 wpabuf_put_buf(buf, nr->nr);
589 }
590
591 /* Action + measurement type + token + reps + EID + len = 7 */
592 *len = wpabuf_len(buf) - 7;
593
594 ret = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
595 wpabuf_head(buf), wpabuf_len(buf));
596 wpabuf_free(buf);
597 if (ret)
598 return ret;
599
600 hapd->range_req_active = 1;
601
602 eloop_register_timeout(HOSTAPD_RRM_REQUEST_TIMEOUT, 0,
603 hostapd_range_rep_timeout_handler, hapd, NULL);
604
605 return 0;
606 }
607
608
hostapd_clean_rrm(struct hostapd_data * hapd)609 void hostapd_clean_rrm(struct hostapd_data *hapd)
610 {
611 hostapd_free_neighbor_db(hapd);
612 eloop_cancel_timeout(hostapd_lci_rep_timeout_handler, hapd, NULL);
613 hapd->lci_req_active = 0;
614 eloop_cancel_timeout(hostapd_range_rep_timeout_handler, hapd, NULL);
615 hapd->range_req_active = 0;
616 eloop_cancel_timeout(hostapd_link_mesr_rep_timeout_handler, hapd, NULL);
617 }
618
619
hostapd_send_beacon_req(struct hostapd_data * hapd,const u8 * addr,u8 req_mode,const struct wpabuf * req)620 int hostapd_send_beacon_req(struct hostapd_data *hapd, const u8 *addr,
621 u8 req_mode, const struct wpabuf *req)
622 {
623 struct wpabuf *buf;
624 struct sta_info *sta = ap_get_sta(hapd, addr);
625 int ret;
626 enum beacon_report_mode mode;
627 const u8 *pos;
628
629 /* Request data:
630 * Operating Class (1), Channel Number (1), Randomization Interval (2),
631 * Measurement Duration (2), Measurement Mode (1), BSSID (6),
632 * Optional Subelements (variable)
633 */
634 if (wpabuf_len(req) < 13) {
635 wpa_printf(MSG_INFO, "Beacon request: Too short request data");
636 return -1;
637 }
638 pos = wpabuf_head(req);
639 mode = pos[6];
640
641 if (!sta || !(sta->flags & WLAN_STA_AUTHORIZED)) {
642 wpa_printf(MSG_INFO,
643 "Beacon request: " MACSTR " is not connected",
644 MAC2STR(addr));
645 return -1;
646 }
647
648 switch (mode) {
649 case BEACON_REPORT_MODE_PASSIVE:
650 if (!(sta->rrm_enabled_capa[0] &
651 WLAN_RRM_CAPS_BEACON_REPORT_PASSIVE)) {
652 wpa_printf(MSG_INFO,
653 "Beacon request: " MACSTR
654 " does not support passive beacon report",
655 MAC2STR(addr));
656 return -1;
657 }
658 break;
659 case BEACON_REPORT_MODE_ACTIVE:
660 if (!(sta->rrm_enabled_capa[0] &
661 WLAN_RRM_CAPS_BEACON_REPORT_ACTIVE)) {
662 wpa_printf(MSG_INFO,
663 "Beacon request: " MACSTR
664 " does not support active beacon report",
665 MAC2STR(addr));
666 return -1;
667 }
668 break;
669 case BEACON_REPORT_MODE_TABLE:
670 if (!(sta->rrm_enabled_capa[0] &
671 WLAN_RRM_CAPS_BEACON_REPORT_TABLE)) {
672 wpa_printf(MSG_INFO,
673 "Beacon request: " MACSTR
674 " does not support table beacon report",
675 MAC2STR(addr));
676 return -1;
677 }
678 break;
679 default:
680 wpa_printf(MSG_INFO,
681 "Beacon request: Unknown measurement mode %d", mode);
682 return -1;
683 }
684
685 buf = wpabuf_alloc(5 + 2 + 3 + wpabuf_len(req));
686 if (!buf)
687 return -1;
688
689 hapd->beacon_req_token++;
690 if (!hapd->beacon_req_token)
691 hapd->beacon_req_token++;
692
693 wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
694 wpabuf_put_u8(buf, WLAN_RRM_RADIO_MEASUREMENT_REQUEST);
695 wpabuf_put_u8(buf, hapd->beacon_req_token);
696 wpabuf_put_le16(buf, 0); /* Number of repetitions */
697
698 /* Measurement Request element */
699 wpabuf_put_u8(buf, WLAN_EID_MEASURE_REQUEST);
700 wpabuf_put_u8(buf, 3 + wpabuf_len(req));
701 wpabuf_put_u8(buf, 1); /* Measurement Token */
702 wpabuf_put_u8(buf, req_mode); /* Measurement Request Mode */
703 wpabuf_put_u8(buf, MEASURE_TYPE_BEACON); /* Measurement Type */
704 wpabuf_put_buf(buf, req);
705
706 ret = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
707 wpabuf_head(buf), wpabuf_len(buf));
708 wpabuf_free(buf);
709 if (ret < 0)
710 return ret;
711
712 return hapd->beacon_req_token;
713 }
714
715
hostapd_rrm_beacon_req_tx_status(struct hostapd_data * hapd,const struct ieee80211_mgmt * mgmt,size_t len,int ok)716 void hostapd_rrm_beacon_req_tx_status(struct hostapd_data *hapd,
717 const struct ieee80211_mgmt *mgmt,
718 size_t len, int ok)
719 {
720 if (len < 24 + 3)
721 return;
722 wpa_msg(hapd->msg_ctx, MSG_INFO, BEACON_REQ_TX_STATUS MACSTR
723 " %u ack=%d", MAC2STR(mgmt->da),
724 mgmt->u.action.u.rrm.dialog_token, ok);
725 }
726
727
hostapd_send_link_measurement_req(struct hostapd_data * hapd,const u8 * addr)728 int hostapd_send_link_measurement_req(struct hostapd_data *hapd, const u8 *addr)
729 {
730 struct wpabuf *buf;
731 struct sta_info *sta;
732 int ret;
733
734 wpa_printf(MSG_DEBUG, "Request Link Measurement: dest addr " MACSTR,
735 MAC2STR(addr));
736
737 if (!(hapd->iface->drv_rrm_flags &
738 WPA_DRIVER_FLAGS_TX_POWER_INSERTION)) {
739 wpa_printf(MSG_INFO,
740 "Request Link Measurement: the driver does not support TX power insertion");
741 return -1;
742 }
743
744 sta = ap_get_sta(hapd, addr);
745 if (!sta || !(sta->flags & WLAN_STA_AUTHORIZED)) {
746 wpa_printf(MSG_INFO,
747 "Request Link Measurement: specied STA is not connected");
748 return -1;
749 }
750
751 if (!(sta->rrm_enabled_capa[0] & WLAN_RRM_CAPS_LINK_MEASUREMENT)) {
752 wpa_printf(MSG_INFO,
753 "Request Link Measurement: destination STA does not support link measurement");
754 return -1;
755 }
756
757 if (hapd->link_mesr_req_active) {
758 wpa_printf(MSG_DEBUG,
759 "Request Link Measurement: request already in process - overriding");
760 hapd->link_mesr_req_active = 0;
761 eloop_cancel_timeout(hostapd_link_mesr_rep_timeout_handler,
762 hapd, NULL);
763 }
764
765 /* Action + Action type + token + Tx Power used + Max Tx Power = 5 */
766 buf = wpabuf_alloc(5);
767 if (!buf)
768 return -1;
769
770 hapd->link_measurement_req_token++;
771 if (!hapd->link_measurement_req_token)
772 hapd->link_measurement_req_token++;
773
774 wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
775 wpabuf_put_u8(buf, WLAN_RRM_LINK_MEASUREMENT_REQUEST);
776 wpabuf_put_u8(buf, hapd->link_measurement_req_token);
777 /* NOTE: The driver is expected to fill the Tx Power Used and Max Tx
778 * Power */
779 wpabuf_put_u8(buf, 0);
780 wpabuf_put_u8(buf, 0);
781
782 ret = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
783 wpabuf_head(buf), wpabuf_len(buf));
784 wpabuf_free(buf);
785 if (ret < 0)
786 return ret;
787
788 hapd->link_mesr_req_active = 1;
789
790 eloop_register_timeout(HOSTAPD_RRM_REQUEST_TIMEOUT, 0,
791 hostapd_link_mesr_rep_timeout_handler, hapd,
792 NULL);
793
794 return hapd->link_measurement_req_token;
795 }
796